[mod_python] pool and mps

Graham Dumpleton grahamd at dscpl.com.au
Thu Jan 27 16:36:56 EST 2005


Jorey Bump wrote ..
> 3. Best, import handle from external module, preferably in path outside
> of DocumentRoot:
> 
> # connect.py
> # put this module in a directory in PYTHONPATH
> import MySQLdb
> # Set up db connection and return handle.
> _dbhost = "localhost"
> _dbuser = "bob"
> _dbpwd  = "secret"
> _dbname = "foo"
> dbh = MySQLdb.connect(_dbhost, _dbuser, _dbpwd, _dbname)

This approach of having it in a separate module (outside of your document
tree), is also preferred for other reasons as well.

Namely, it is never a good idea to have login names and passwords, or any
sensitive information for that matter within a Python code file which exists
within the document tree. All it takes is for a coding stuff up on your own
part, a misconfiguration of Apache or for some other problem to arise and
your Python code files could get exposed to the outside world, thus revealing
said logins, passwords or other sensitive information. That in publisher
globals not prefixed with an underscore are exposed, makes it even more
prone to these risks than other mechanisms.

Graham


More information about the Mod_python mailing list